[tor-commits] [sandboxed-tor-browser/master] Add `readlink` to the tor seccomp whitelist.

yawning at torproject.org yawning at torproject.org
Thu Dec 8 19:25:08 UTC 2016


commit d32f30726e97ee6c151cb45fb008177b68e9d58d
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Thu Dec 8 19:23:25 2016 +0000

    Add `readlink` to the tor seccomp whitelist.
    
    ASAN calls readlink("/proc/self/exe"), because fuck you.
---
 src/cmd/gen-seccomp/seccomp_tor.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/cmd/gen-seccomp/seccomp_tor.go b/src/cmd/gen-seccomp/seccomp_tor.go
index 7300b64..26b4b14 100644
--- a/src/cmd/gen-seccomp/seccomp_tor.go
+++ b/src/cmd/gen-seccomp/seccomp_tor.go
@@ -103,6 +103,8 @@ func compileTorSeccompProfile(fd *os.File, useBridges bool, is386 bool) error {
 		"set_tid_address",
 		"unshare",
 		"rt_sigaction", // Tor filters this but libc does more.
+
+		"readlink", // ASAN needs this.
 	}
 	if is386 {
 		allowedNoArgs386 := []string{



More information about the tor-commits mailing list